vikunja/frontend
kolaente a42b4f37bd fix: prevent reflected HTML injection via filter URL parameter
TipTap's setContent() parses strings as HTML via DOMParser, allowing
crafted ?filter= URL parameters to inject SVG phishing buttons, anchor
tags, and formatted content into the trusted UI.

Use ProseMirror JSON document format instead of raw strings so the
filter value is always set as a text node, bypassing HTML parsing
entirely.
2026-02-25 12:01:57 +01:00
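The fix described in the commit message above, sketched as an added example (this is not Vikunja's own code): the filter value from the URL is wrapped in a ProseMirror JSON document so it can only ever be a text node. The function names and the sample query string are constructed for illustration.

```javascript
// Added example; filterParamToDoc, isTextOnly and textOf are hypothetical names.

// Build a ProseMirror JSON document that carries the ?filter= value as plain text.
function filterParamToDoc(search) {
  const value = new URLSearchParams(search).get('filter') ?? ''
  // ProseMirror does not allow empty text nodes, so an empty or missing
  // filter becomes an empty paragraph instead of { type: 'text', text: '' }.
  const paragraph = value === ''
    ? { type: 'paragraph' }
    : { type: 'paragraph', content: [{ type: 'text', text: value }] }
  return { type: 'doc', content: [paragraph] }
}

// Regression check: the document may contain only doc/paragraph/text nodes,
// with no marks (links, bold) and no attrs that could carry a URL.
const ALLOWED_NODES = new Set(['doc', 'paragraph', 'text'])
function isTextOnly(node) {
  if (!ALLOWED_NODES.has(node.type) || node.marks || node.attrs) return false
  return (node.content ?? []).every(isTextOnly)
}

// Concatenate all text nodes, to confirm the value survives byte for byte.
function textOf(node) {
  if (node.type === 'text') return node.text
  return (node.content ?? []).map(textOf).join('')
}

// Constructed sample: a filter with markup appended, as it would arrive in the URL.
const SAMPLE_RAW = 'done = false <a href="https://example.invalid/login">Sign in</a>'
const SAMPLE_SEARCH = '?filter=' + encodeURIComponent(SAMPLE_RAW)

const doc = filterParamToDoc(SAMPLE_SEARCH)
console.log(isTextOnly(doc), JSON.stringify(textOf(doc)))

// With a TipTap editor instance, the document is passed to the call named in
// the commit message, in place of the raw string:
//   editor.commands.setContent(filterParamToDoc(window.location.search))
```

Because the markup stays inside a `text` node, the editor displays it literally, angle brackets included, and no anchor or SVG element is created from it.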

Web frontend for Vikunja

The todo app to organize your life.


This is the web frontend for Vikunja, written in Vue.js.

Take a look at our roadmap (hosted on Vikunja!) for a list of things we're currently working on!

For general information about the project, refer to the top-level readme of this repo.

Project setup

pnpm install

Development

Define backend server

You can develop the web frontend against any accessible backend, including the demo at https://try.vikunja.io.

In order to do so, you need to set the DEV_PROXY env variable. The recommended way to do so is to:

  • Copy .env.local.example as .env.local
  • Uncomment the DEV_PROXY line
  • Set the backend URL you want to use

In the end, it should look like DEV_PROXY=https://try.vikunja.io if you work against the online demo backend.

Start dev server (compiles and hot-reloads)

pnpm run dev

Compiles and minifies for production

pnpm run build

Lints and fixes files

pnpm run lint

License

This project is licensed under the AGPL-3.0-or-later license. See the LICENSE file for details.